
WHAT IS CLAIMED IS 



1. A method for communicating in a distributed computing/ environment, 
5 comprising: 

receiving a message in a data representation language from a source to be sent to a 
destination; 



10 



verifying type correctness of said message according to a data representation 
language schema; 



15 



attaching an authentication credential to said message, wherein said authentication 
credential identifies said source/ and 

sending said message to said destination. 



2. The method as recited in clajm 1, wherein said source is a client in the distributed 
computing environment and saidr destination is a service in the distributed computing 
20 environment, the method further comprising: 



25 



receiving said data representation language schema, wherein said data 
representation language schema defines a message interface for accessing 
the service; and 

generating message endpoint for the client according to said data representation 
anguage schema, wherein said verifying type correctness and said 
attaching an authentication credential are performed by said message 
endpoint for the client. 



30 
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3. The method as recited in claim 2, wherein said data representation language 
schema defines a set of messages in the data representation language that saicj/client may 
send to said service to access said service. 

4. The method as recited in claim 3, further comprising said message endpoint for 
the client verifying that said message to be sent to said service/complies with a data 
representation language message definition from said data/representation language 
schema. 

5. The method as recited in claim 3, further comprising said client obtaining from 
said message endpoint the set of data representation language messages that said client 
may send to said service. 

6. The method as recited in claim 3^ wherein said set of messages in the data 
representation language that said client may send to said service is a subset of all 
messages that can be handled by saidyservice so that said client's access to said service is 
restricted. 

7. The method as recited/iii claim 2, further comprising: 

said message enapoint for the client receiving a data representation language 
message from said service, wherein said data representation language message from said 
service includes an authentication credential for said service; 

said m^sage endpoint for the client using said authentication credential for said 
service to authenticate said data representation language message from 
said service as being from said service; and 



said client obtaining, from said message endpoint for said client, the authenticated 
message from said service. 
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8. The method as recited in claim 7, wherein said data representation language 
schema defines a set of messages that said service may send to said client, the method 
further comprising said message endpoint for the client verifying the correctness of said 

5 data representation language message from said service according to said data 
representation language schema. 

9. The method as recited in claim 2, further comprising binding said message 
endpoint for the client a single destination address so that said message endpoint only 

10 sends messages to said destination address. 

10. The method as recited in claim 9, wherern said destination address is a Uniform 
Resource Identifier (URI) for said service/wherein said sending said message to a 
destination comprises sending said message to an address specified by said URI using a 



ry 

nj 15 protocol specified by said URL 



□ 11. The method as recited m/flaim 2, wherein said message endpoint for the client is a 

m 

yj single atomic unit of program code that provides an abstraction for said service to said 



client. 



12. The method ds recited in claim 11, wherein said single atomic unit of program 
code is generated under control of said client's execution environment. 

13. The ryfethod as recited in claim 2, wherein once generated said message endpoint 
25 for the chant cannot be altered as to said verifying type correctness and said attaching an 

authentication credential. 

14/ The method as recited in claim 2, wherein said client comprises a client process 
id wherein said service comprises a service process, and wherein said client process is 
r executable under a different type of execution environment than said service process. 
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15. The method as recited in claim 1, wherein said data representation language is 
extensible Markup Language (XML). 

16. The method as recited in claim 1, wherein said source As a service in the 
distributed computing environment and said destination is a client in the distributed 
computing environment, the method further comprising generating a message endpoint 
for the service according to a data representation language schema, wherein said verifying 
type correctness and said attaching an authentication credential are performed by said 
message endpoint for the service, and wherein said data representation language schema 
defines a message interface between said service and^said client 

17. A device, comprising: 
a processor; 

a memory coupled to said processor; 

a message gate unit configured to: 

receive a message in a data representation language from a source to be 
sent to a destination, wherein said source is a process executed by 
id processor from said memory; 

vejrffy type correctness of said message according to a data representation 
language schema; 

attach an authentication credential to said message, wherein said 
authentication credential identifies said source; and 




Atfy. Dkt. No. : 5 1 8 1 -63300 1 5 1 Conley Rose & Tayon, RC 




send said message to said destination. 

18. The device as recited in claim 17, wherein said source is a client process in the 
distributed computing environment and said destination is a service in ^ne distributed 
computing environment, the device is further configured to: 

receive said data representation language schema, wherein/said data representation 
language schema defines a message interface for accessing the service; and 



m 



10 generate said message gate unit according to smd data representation language 

schema, wherein said verifying type/correctness and said attaching an 
authentication credential are perforated by said message gate unit. 

19. The device as recited in claim 18/wherein said data representation language 
15 schema defines a set of messages in the data representation language that said client 
process may send to said service to access said service. 



UJ 

s I 



20 



20. The device as recited m claim 19, wherein said message gate unit is further 
configured to verify that sai^ message to be sent to said service complies with a data 
representation language jnessage definition from said data representation language 
schema. 



25 



21. The device/as recited in claim 19, wherein said client process is configured to 
obtain from sai<r message gate unit the set of data representation language messages that 
said client prdfcess may send to said service. 



22. /The device as recited in claim 19, wherein said set of messages in the data 
representation language that said client process may send to said service is a subset of all 
sssages that can be handled by said service so that said client process's access to said 
Service is restricted. 
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23. The device as recited in claim 18, wherein said message gate unit/for the client is 
further configured to: / 



receive a data representation language message from said service, wherein said 
data representation language message from said service includes an authentication 
credential for said service; 

use said authentication credential for said^ service to authenticate said data 
representation language message ^rom said service as being from said 
service; and 

wherein said client process is configured to obtain, from said message gate unit 
for said client, the authenticated message from said service. 

24. The device as recited in/claim 23, wherein said data representation language 
schema defines a set of messages that said service may send to said client process, 
wherein said message gate unit for the client is further configured to verify the 
correctness of said data representation language message from said service according to 
said data representation language schema. 

25. The device as recited in claim 18, wherein said message gate unit for the client 
process is bourn to a single destination address so that said message gate unit only sends 
messages tovsaid destination address. 



26. ^The device as recited in claim 25, wherein said destination address is a Uniform 
Resource Identifier (URI) for said service, wherein said message gate unit is further 
configured to send said message to an address specified by said URI using a protocol 
specified by said URI. 
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27. The device as recited in claim 18, wherein said message gate unit for th^Tclient is 
a single atomic unit of program code executed by said processor that ^provides an 
abstraction for said service to said client process. / 

28. The device as recited in claim 27, wherein said device is configured so that said 
single atomic unit of program code is generated under control of device's execution 
environment. / 

29. The device as recited in claim 18, wherein sajd message endpoint for the client is 
configured so that once generated said message ejrapoint for the client cannot be altered 
as to verifying type correctness and attaching tip authentication credential. 

30. The device as recited in claim 18/wherein said client process is executable under 
a different type of execution environment than a service process for said service. 

31. The device as recited in/claim 17, wherein said data representation language is 
extensible Markup Language/(XML). 

32. The device as recited in claim 17, wherein said source is a service process in a 
distributed computing environment and said destination is a client in the distributed 
computing environment, the device further configured to generate said message gate unit 
for the service according to a data representation language schema, and wherein said data 
representation language schema defines a message interface between said service and said 
client. / 

The device as recited in claim 17, wherein said device is a computer system, 
die telephone, or personal digital assistant. 

34. A carrier medium comprising program instructions, wherein the program 
instructions are computer-executable to implement: 
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receiving a message in a data representation language from a source to b< 
destination; / 



;ent to a 



verifying type correctness of said message according to a d^a representation 
language schema; 

attaching an authentication credential to said message, ylierein said authentication 
credential identifies said source; and 

sending said message to said destination. 



35. The carrier medium as recited in claimy34, wherein said source is a client in the 
distributed computing environment and said destination is a service in the distributed 
computing environment, and wherein the program instructions are further computer- 
executable to implement: 



receiving said data representation language schema, wherein said data 
representation language schema defines a message interface for accessing 
the service; and 




generating a message endpoint for the client according to said data representation 
langvfage schema, wherein said verifying type correctness and said 
taching an authentication credential are performed by said message 
/fendpoint for the client. 



36. The carrier medium as recited in claim 35, wherein said data representation 
language schema defines a set of messages in the data representation language that said 
client may send to said service to access said service, and wherein the program 
instructions are further computer-executable to implement: 
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said message endpoint for the client verifying that said message to be dent to said 
service complies with a data representation language message definition 
from said data representation language schema. / 



37. The carrier medium as recited in claim 35, wherein the program instructions are 
further computer-executable to implement: / 

said message endpoint for the client receiving/a data representation language 
message from said service, wherein said data representation language message from said 
service includes an authentication credential for saua service; 

said message endpoint for the client^using said authentication credential for said 
service to authenticate sajd data representation language message from 
said service as being from said service; and 



said client obtaining, from said message endpoint for said client, the authenticated 
message from said service. 



38. The carrier medium as recited in claim 37, wherein said data representation 
language schema defines a set of messages that said service may send to said client, and 
wherein the program/instructions are further computer-executable to implement: 



said message endpoint for the client verifying the correctness of said data 
representation language message from said service according to said data 
representation language schema. 

The carrier medium as recited in claim 35, wherein the program instructions are 
;her computer-executable to implement: 



/ 
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binding said message endpoint for the client a single destination address so that 
said message endpoint only sends messages to said destination address. 

40. The carrier medium as recited in claim 39, wherein said destination address is a 
Uniform Resource Identifier (URI) for said service, and wherein^ in said sending said 
message to a destination, the program instructions are furthej/computer-executable to 
implement: 

sending said message to an address specif ie^/by said URI using a protocol 
specified by said URI. 

41. The carrier medium as recited in claim 3o, wherein said message endpoint for the 
client is a single atomic unit of program codes'that provides an abstraction for said service 
to said client. 

42. The carrier medium as recited in claim 34, wherein said data representation 
language is extensible Markup Language (XML). 



43. The carrier medium as recited in claim 34, wherein said source is a service in the 
distributed computing Environment and said destination is a client in the distributed 
computing environment, and wherein the program instructions are further computer- 
executable to implement: 

generating a message endpoint for the service according to a data representation 
language schema, wherein said verifying type correctness and said 
attaching an authentication credential are performed by said message 
endpoint for the service, and wherein said data representation language 
schema defines a message interface between said service and said client. 
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